server { server_name tribu.semdestino.org; listen 80 default_server; listen 443 ssl default_server; ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main; error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug; root /etc/html/; location /doc { alias /srv/www/doc; index index.html; } location /pub { proxy_pass http://wiki.c2.ank:8080; } location /wiki { proxy_pass http://wiki.c2.ank:8080; } location /git { proxy_pass http://git.c2.ank:8080; } location /forum { proxy_pass http://forum.c2.ank:8080; } location /task { proxy_pass http://task.c2.ank:8080; } location /shop { proxy_pass http://shop.c2.ank:8080; } location /email { proxy_pass http://email.c2.ank:8080; } location /mirror { proxy_pass http://c1.ank; } location /awstats { proxy_pass http://awstats.c2.ank:8080; } location /stats { proxy_pass http://stats.c2.ank:8080; } # ACME challenge location ^~ /.well-known { proxy_pass http://wiki.c2.ank; } location / { proxy_pass http://frontpage.c2.ank; } }